Security update for curl
This update for curl fixes the following issues:
- CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593).
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
- CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
-
Submitted by
Pedro Monreal Gonzalez (pmonrealgonzalez)
Fixed bugs
bnc#1179399
VUL-0: EMBARGOED: CVE-2020-8285: curl: libcurl: FTP wildcard stack overflow (2/3)
bnc#1179593
VUL-0: EMBARGOED: CVE-2020-8286: curl: Inferior OCSP verification (3/3)
bnc#1179398
VUL-0: EMBARGOED: CVE-2020-8284: curl: trusting FTP PASV responses (1/3)
